Cryptography-Based Authentication for Protecting Cyber Systems

Entity authentication is a fundamental building block for system security and has been widely used to protect cyber systems. Nonetheless, the role of cryptography in entity authentication is not very clear, although cryptography is known for providing confidentiality, integrity, and non-repudiation. This chapter studies the roles of cryptography in three entity authentication categories: knowledge-based authentication, token-based authentication, and biometric authentication. For these three authentication categories, we discuss (1) the roles of cryptography in the generation of password verification data, in password-based challenge/response authentication protocol, and in password-authenticated key exchange protocols; (2) the roles of cryptography in both symmetric key-based and private key-based token authentications; (3) cryptographic fuzzy extractors, which can be used to enhance the security and privacy of biometric authentication. This systematic study of the roles of cryptography in entity authentication will deepen our understanding of both cryptography and entity authentication and can help us better protect cyber systems.

Emerging Security Issues in VANETs for E-Business

This chapter presents the emerging security issues in Vehicular Ad hoc Networks (VANETs) for e-business along with some of the solutions provided by the research community. The VANET will facilitate new applications for e-business that will revolutionize the driving experience, providing everything from instant, localized traffic updates to warning signals when the vehicle ahead abruptly brakes. In the emerging global economy, e-business has increasingly become a necessary component of business strategy and a strong catalyst for economic development. In near future, vehicles may be equipped with short-range radios capable of communicating with other vehicles and highway infrastructure using a VANET. However, providing security in VANETs for e-business raises privacy concerns that must be considered. The deployment of VANETs for e-business is rapidly approaching, and their success and safety will depend on viable security solutions acceptable to consumers, manufacturers and governments.

A Taxonomic View of Consumer Online Privacy Legal Issues, Legislation, and Litigation

In this chapter, consumer online privacy legal issues are identified and discussed. Followed by the literature review in consumer online privacy legislation and litigation, a relational model is presented to explore the relationship of the issues, legal protections, and the remedies and risks for not complying with the legal requirements. Two survey studies are used to reinforce the vital need for a stronger role by the government and business community as well as the privacy awareness from online consumers themselves. This chapter is concluded with a vital call for consumer privacy education and awareness and government and legislators’ attention and timely responses with legislation that protects consumers against those who would misuse the technology.

E-Government, Security, and Cyber-Privacy

E-government involves governments at all levels using advanced technology and communication tools to provide services, allow for transactions, and respond to citizen’s needs and requests. This on-line version of government, which is designed to enhance efficiency and improve operations, relies heavily on a network of data structures that are currently in place. While much has been written about e-government, few studies exist that link the concepts of e-government and security with individual rights and government responsibility. Now more than ever, progressive changes in technology allow public and private sector entities to routinely collect, store, and disseminate large files of personal information about the citizens and clients they interact with. The power associated with the magnitude of this information requires great responsibility and accountability. This chapter is a beginning point to discuss how governments in the United States attempt to maintain secure fortresses of data, limit the dissemination of sensitive information to unauthorized parties, and ensure on line privacy for citizens.

Regulation of Cybercafés in Nigeria

The purpose of this chapter is to discuss regulation of cybercafés in Nigeria. It describes cyber crime in relation to cybercafé, the incidents of cybercrime as well as crime associated with cyber usage. The chapter reveals why cybercafés are used as havens for cybercrimes in Nigeria and looks at efforts made by Nigerian government to regulate cybercafé as well as challenges of regulating cybercafés in the country.

Publicly Available Computers

Businesses and governments continue to expand the use of the internet to access and provide a wide range services to consumers. This change in service delivery presents a potential access barrier for people who do not have access to the internet available in their homes. Publicly available computers attempt to bridge this gap; however, it is not clear if people are willing to use computers in these environments to engage in the full range of web-based activities, particularly online transactions. We expand Triandis’ modified TRA model to consider user characteristics and the impact of the physical and virtual environment on public transactional use of websites. Results indicate that people are sensitive to the physical environment surrounding the computer and that Internet self-efficacy supports public transactional use while individual need for privacy deters transactional use in a public environment. In addition, people without personal internet access do complete transactions at other non-public locations and that completing transactions from non-public locations is a strong determinant of public transactional use.

The Human Attack in Linguistic Steganography

This chapter develops a linguistically robust encryption system, Lunabel, which converts a message into syntactically and semantically innocuous text. Drawing upon linguistic criteria, Lunabel uses word replacement, with substitution classes based on traditional linguistic features (syntactic categories and subcategories), as well as features under-exploited in earlier works: semantic criteria, graphotactic structure, and inflectional class. The original message is further hidden through the use of cover texts—within these, Lunabel retains all function words and targets specific classes of content words for replacement, creating text which preserves the syntactic structure and semantic context of the original cover text. Lunabel takes advantage of cover text styles which are not expected to be necessarily comprehensible to the general public, making any semantic anomalies more opaque. This line of work has the promise of creating encrypted texts which are less detectable to human readers than earlier steganographic efforts.

Ensuring Users’ Rights to Privacy, Confidence and Reputation in the Online Learning Environment

There is no clear right to privacy, confidence, and reputation in United States case law or in legislation for students in the online environment. While some privacy interests are protected under a variety of legal theories, none expressly applies to online education. This study examines pertinent issues concerning the privacy rights of students while engaged in online learning. A survey of students using online tools in their courses demonstrated a widespread belief that their communications were private. A second survey of business law instructors using online tools revealed a lack of awareness of the potential for abuse by third parties able to access users’ information. Survey results were inconclusive with regard to the existence of policies and procedures within the institutions with regard to protecting users’ privacy rights in online instruction. Survey respondents made several recommendations for action to mediate the lack of existing protections for privacy in online learning.

Definition, Typology and Patterns of Victimization

In this chapter, an attempt is made to operationally define cyber crimes against women, as we have found that the definitions of cyber crimes have changed in the past decade and we presume that even this will change in the future decades to come. In addition, the current definitions do not specifically fit in to the nitty-gritty issues of cyber crimes against women and a succinct operational definition is provided. A new set of typology is made with regard to the cyber crimes against women as not all type of crimes fit to the category of cyber crimes against women. The patterns of victimization of women in cyberspace are dealt by qualitative case studies along with the typology.

Secure Electronic Voting with Cryptography

In recent years, computer and network-based voting technologies have been gradually adopted for various elections. However, due to the fragile nature of electronic ballots and voting software, computer voting has posed serious security challenges. This chapter studies the security of computer voting and focuses on a cryptographic solution based on mix-nets. Like traditional voting systems, mix-net-based computer voting provides voter privacy and prevents vote selling/buying and vote coercion. Unlike traditional voting systems, mix-net-based computer voting has several additional advantages: 1) it offers vote verifiability, allowing individual voters to directly verify whether their votes have been counted and counted correctly; 2) it allows voters to check the behavior of potentially malicious computer voting machines and thus does not require voters to blindly trust computer voting machines. In this chapter, we give the full details of the building blocks for the mix-net-based computer voting scheme, including semantically secure encryption, threshold decryption, mix-net, and robust mix-net. Future research directions on secure electronic voting are also discussed.